Security audit

碎片知识缝纫师

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local knowledge-management skill that reads user-provided notes and saves local knowledge files, with privacy caveats but no evidence of deception, exfiltration, or destructive behavior.

Install only if you are comfortable with a local knowledge base storing the notes, files, screenshots, or web content you provide. Avoid feeding it secrets, credentials, regulated data, or private chats unless you intend to retain them locally, and periodically review or delete the generated knowledge files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill describes capabilities to read and write local files and process content from external sources, but no explicit permissions are declared. This creates a transparency and authorization gap: users and the platform may not understand that persistent storage and repository scanning will occur, increasing the risk of unintended data access or retention.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 83%
Finding
The documented behavior extends beyond the headline description into broader repository scanning, clustering, document generation, and persistent writes. When a skill does more than users would reasonably expect from its description, it can cause unauthorized data processing or surprise persistence, especially in a knowledge-management context that may contain sensitive notes.

Missing User Warnings

Medium
Confidence: 88%
Finding
The README encourages collection of text, screenshots, file contents, URLs, and content from chat/web/document sources, but gives no warning that these inputs may contain sensitive personal, corporate, or confidential data. In a knowledge-management skill, broad ingestion from multiple sources increases the chance of unintentional privacy violations or over-collection, especially when users may not realize the tool is processing and retaining extracted content.

Missing User Warnings

Medium
Confidence: 94%
Finding
The README says collected fragments are automatically saved to a knowledge base without warning users about persistent storage, review-before-save, or deletion/retention behavior. This is dangerous because users may paste sensitive notes or imported content assuming temporary analysis, when the tool instead retains it by default and potentially expands exposure of private data.

Vague Triggers

Medium
Confidence: 72%
Finding
The trigger language is broad enough to match many ordinary requests about organizing information or building knowledge systems. Overbroad activation can cause the skill to engage in file access, OCR, or persistence in situations where the user did not clearly request those actions, increasing the chance of accidental overreach.

Missing User Warnings

Medium
Confidence: 94%
Finding
The workflow explicitly reads from and writes to a local knowledge repository but does not warn users that existing notes will be scanned and new files will be persisted. In a personal knowledge base, this can expose sensitive content and create lasting records without informed consent.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill states that uploaded screenshots will undergo OCR extraction, but gives no privacy warning about processing potentially sensitive image contents such as messages, credentials, or personal data. Users may provide screenshots expecting visual review, not full text extraction and storage.

Missing User Warnings

Medium
Confidence: 89%
Finding
The code writes all collected fragments, including raw content and metadata, to a local JSON file without any consent flow, sensitivity filtering, encryption, or access-control safeguards. In this skill's context, the inputs are explicitly drawn from chats, web pages, documents, and meeting notes, so the stored data may contain confidential or personal information and could be exposed to other local users, to backups, or to later unintended processing.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.